100% virus and worm-free

Discussion in 'NZ Computing' started by dOTdASH, Aug 23, 2003.

  1. dOTdASH

    dOTdASH Guest

    and no I'm not just talking about your's truly :)

    Having read a huge amount of rhetoric, uninformed opinion and just plain
    crap posted over the last few days regarding the security issue I thought
    I'd post my $0.02 worth.

    FWIW, I've been using PC's since the mid-1980's and I've been using the
    internet since the mid-1990's. The PC is my primary tool of trade and I've
    used (and still use) a wide variety of software but predominantly Windows
    and Microsoft Office. In all that time I have never had one single infection
    with either a worm or virus. I'm not an uber-geek, I just see that keeping
    my PC current with virus sig updates and patches etc is part and parcel of
    using IT. It doesn't require a degree in computer science, just plain common
    sense. And my PC doesn't sit behind any fancy security hardware, all I'm
    currently using is the firewall in Windows XP although I have also tried
    Kerios and Zonealarm

    IMHO, securing any PC isn't particularly difficult but it could always be
    easier. User education is the key.
     
    dOTdASH, Aug 23, 2003
    #1
    1. Advertising

  2. "Nicholas Sherlock" <> wrote in message news:bi6f47$hek$...
    > dOTdASH wrote:
    > > and no I'm not just talking about your's truly :)
    > >
    > > Having read a huge amount of rhetoric, uninformed opinion and just
    > > plain crap posted over the last few days regarding the security issue
    > > I thought I'd post my $0.02 worth.
    > >
    > > FWIW, I've been using PC's since the mid-1980's and I've been using
    > > the internet since the mid-1990's. The PC is my primary tool of trade
    > > and I've used (and still use) a wide variety of software but
    > > predominantly Windows and Microsoft Office. In all that time I have
    > > never had one single infection with either a worm or virus.

    >
    > Same here!


    And me. To think, we didn't need to wait for some patronizing smarmy git
    to tell us to secure our machines.

    Tony.
     
    Anthony Neville, Aug 23, 2003
    #2
    1. Advertising

  3. dOTdASH

    Gavin Tunney Guest

    On Sat, 23 Aug 2003 12:08:37 +1200, "dOTdASH"
    <> wrote:

    <snip>
    >IMHO, securing any PC isn't particularly difficult but it could always be
    >easier. User education is the key.
    >


    User education is the key with many worms & viruses, although it does
    have to be said that a lot of worms in recent years got through by
    exploiting security flaws in Windows....there was no user intervention
    required for the worm to infect a PC.

    Educating users isn't an easy task though. I've lost count of the
    number of attempts I've made to explain file extensions to people, and
    am not confident I've ever got the message through about the
    significance of those three letters at the end of the name of the file
    they just received in their inbox....

    I'm quite surprised at the extent of the Sobig worm infections. Most
    users know not to run attachments, at least I thought they did, and
    yet Sobig ran rampant. Maybe it's been so long since we had such a
    simple worm that everyone got complacent. Doesn't bode well for the
    future if a new worm based purely on social engineering can get thru
    so easily.

    Gavin
     
    Gavin Tunney, Aug 23, 2003
    #3
  4. dOTdASH

    Evil Bastard Guest

    On Sat, 23 Aug 2003 13:34:43 +1200, Anthony Neville wrote:

    > And me. To think, we didn't need to wait for some patronizing smarmy git
    > to tell us to secure our machines.


    Good on you guys - you've done better than I did when I got my first
    Windows PC in '99 (was using and programming *nix machines from
    1982-1994).

    I look back at those times when my system was totally spyware infected,
    getting hacked every other week, and am amazed it wasn't even worse.

    Didn't take me long to learn how to cleanse and secure my box. But it
    still feels strange that Windows out of the box is so insecure.

    Maybe the Commerce Commission should order all computer retailers to sell
    M$ software with a sticker with the words:

    "This software may be highly vulnerable to attacks from across the
    internet. It may contain programming errors which result in malicious
    people anywhere in the world stealing personal information, crashing or
    destabilising your system, possibly resulting in data loss, identity
    theft, fraud or worse. Use this software strictly at your own risk, and
    take the time to research the current security literature and acquaint
    yourself with all the available countermeasures against attack."
     
    Evil Bastard, Aug 23, 2003
    #4
  5. dOTdASH

    Evil Bastard Guest

    Sympathy for the Devil

    On Sat, 23 Aug 2003 02:04:05 +0000, Gavin Tunney wrote:

    > Educating users isn't an easy task though. I've lost count of the
    > number of attempts I've made to explain file extensions to people, and
    > am not confident I've ever got the message through about the
    > significance of those three letters at the end of the name of the file
    > they just received in their inbox....


    I just gotta say to you MS support folk - YOU POOR BASTARDS!!! ;>

    On one hand, you did a marvelous, albeit incomplete, job of integrating
    hunks of disparate software into a package that can (to a large extent) be
    used out of the box by the masses.

    At that time, Unix/Linux/BSD was way back in the caves from a
    user-friendliness point of view.

    But then, you lumbered yourselves with the burden of users who expect
    Windows-based PCs to run like any other appliance. It's like people expect
    some kind of inbuilt AI that's 30 years ahead of its time.

    There surely must be some amazing stories of encounters with users.

    I could just imagine within MS a database of 'top 100 most ridiculous
    support calls'. Maybe the story of the blonde secretary using physical
    white-out on the screen while running Word is not totally an urban myth.

    I do feel though that much more of MS's astronomical software-markups
    should have been invested in software which educates people about their
    PCs, step by step, blocking their full access to the system until they're
    showing some understanding. Similar to the principle that you don't take
    the hood off a power-plug until you know the difference between
    phase/neutral/earth.

    So IMO, MS does have a case to answer from its shortcuts.

    I do sympathise with the message embedded in the Blaster virus - "Billy
    Gates, stop making money and fix your software".
     
    Evil Bastard, Aug 23, 2003
    #5
  6. Evil Bastard wrote:
    > Maybe the Commerce Commission should order all computer retailers to
    > sell M$ software with a sticker with the words:
    >
    > "This software may be highly vulnerable to attacks from across the
    > internet. It may contain programming errors which result in malicious
    > people anywhere in the world stealing personal information, crashing
    > or destabilising your system, possibly resulting in data loss,
    > identity theft, fraud or worse. Use this software strictly at your
    > own risk, and take the time to research the current security
    > literature and acquaint yourself with all the available
    > countermeasures against attack."


    The same can be said for Linux.

    Cheers,
    Nicholas Sherlock
     
    Nicholas Sherlock, Aug 23, 2003
    #6
  7. dOTdASH

    Enkidu Guest

    On Sat, 23 Aug 2003 14:09:43 +1200, Evil Bastard
    <postmaster@127.0.0.1> wrote:
    >
    >Didn't take me long to learn how to cleanse and secure my box. But it
    >still feels strange that Windows out of the box is so insecure.
    >

    ....compared to what? The average Unix box is insecure "out of the box"
    too, especially these RH install everything jobs. The first thing I do
    with a new Unix box is download all the security patches and updates
    that I can find and there are lots. And I turn off all those silly
    things that get installed whatever you do. You still need to harden a
    Unix box before connecting it to the Internet, especially a RH one. I
    also install tripwire and a couple of other things I'm not going to
    mention (grin!).

    Cheers,

    Cliff
    --

    Signed and sealed with Great Seal of the Executive
    Council of the Internet, by The Master of The Net.
     
    Enkidu, Aug 23, 2003
    #7
  8. dOTdASH

    Evil Bastard Guest

    On Sat, 23 Aug 2003 14:53:12 +1200, Nicholas Sherlock wrote:

    > Evil Bastard wrote:
    >> Maybe the Commerce Commission should order all computer retailers to
    >> sell M$ software with a sticker with the words:
    >>
    >> "This software may be highly vulnerable to attacks from across the
    >> internet. It may contain programming errors which result in malicious
    >> people anywhere in the world stealing personal information, crashing
    >> or destabilising your system, possibly resulting in data loss,
    >> identity theft, fraud or worse. Use this software strictly at your
    >> own risk, and take the time to research the current security
    >> literature and acquaint yourself with all the available
    >> countermeasures against attack."

    >
    > The same can be said for Linux.


    But people have a reasonable expectation of safety when they purchase
    *any* software.

    Like, if you buy a car and have stuff stored in the boot, you have a
    reasonable expectation that it won't be destroyed by corrosives when you
    least expect it.

    And to date, Windows exploit incidents outnumber Linux exploit incidents
    by orders of magnitude. Even on a per-capita basis, the incident rate for
    Windows is much higher.

    IF there was even a quarter of the political reaction to M$ bugs as there
    has been to the leaky buildings scandal, M$ would be running for cover
    here in NZ.


    >
    > Cheers,
    > Nicholas Sherlock
     
    Evil Bastard, Aug 23, 2003
    #8
  9. Evil Bastard wrote:
    > And to date, Windows exploit incidents outnumber Linux exploit
    > incidents by orders of magnitude. Even on a per-capita basis, the
    > incident rate for Windows is much higher.


    That's because to even get Linux installed, running and working, you need a
    moderate level of computer skill. This means that you are more likely to
    know how to set up a computer correctly.

    Cheers,
    Nicholas Sherlock
     
    Nicholas Sherlock, Aug 23, 2003
    #9
  10. dOTdASH

    Enkidu Guest

    On Sat, 23 Aug 2003 15:18:55 +1200, Lennier
    <> wrote:

    >On Sat, 23 Aug 2003 15:08:11 +1200, Enkidu wrote:
    >
    >> The first thing I do
    >> with a new Unix box is download all the security patches and updates that
    >> I can find and there are lots.

    >
    >If you're dealing with new Unix boxen, why is it that they need to be
    >patched so very soon after installation?
    >
    >Surely if you're dealing with Unix you've been given the latest
    >version of your particular variety of Unix, and the latest versions of the
    >software that the client has requested.
    >

    Because if you get an ISO of, say, RH8, it will have been made some
    time ago. RH do not upgrade their ISO with every new patch, I believe.
    The latest ISO is dated 13/3/2003 on the RH site, which is pretty old.
    If you have a boxed set it will be *at least* as old as that.

    You do not normally get given a copy of Linux with a server machine.
    For instance, on the Compaq DL360s that I have installed RH Linux, you
    get no operating system with the box.
    >
    >Besides, I imagine that these days there aren't all that many new
    >installations of Unix.
    >

    You are joking! Apart from anything else, hardware and software
    upgrades need to be done and sometimes it is easier to re-install than
    upgrade software.

    Cheers,

    Cliff
    --

    Signed and sealed with Great Seal of the Executive
    Council of the Internet, by The Master of The Net.
     
    Enkidu, Aug 23, 2003
    #10
  11. dOTdASH

    Evil Bastard Guest

    On Sat, 23 Aug 2003 15:56:28 +1200, Nicholas Sherlock wrote:

    > That's because to even get Linux installed, running and working, you need a
    > moderate level of computer skill. This means that you are more likely to
    > know how to set up a computer correctly.


    True to an extent.

    But Mandrake is one distro that Joe and Jane Sixpack can install right out
    of the box (some reviews find it easier than Windows to install), and its
    default security setup is far better than windows.
     
    Evil Bastard, Aug 23, 2003
    #11
  12. Evil Bastard wrote:
    > On Sat, 23 Aug 2003 15:56:28 +1200, Nicholas Sherlock wrote:
    >
    >> That's because to even get Linux installed, running and working, you
    >> need a moderate level of computer skill. This means that you are
    >> more likely to know how to set up a computer correctly.

    >
    > True to an extent.
    >
    > But Mandrake is one distro that Joe and Jane Sixpack can install
    > right out of the box (some reviews find it easier than Windows to
    > install), and its default security setup is far better than windows.


    But how many clueless newbies would choose Linux? Especially if they need to
    recompile drivers in order to get their hardware working.

    Cheers,
    Nicholas Sherlock
     
    Nicholas Sherlock, Aug 23, 2003
    #12
  13. dOTdASH

    Evil Bastard Guest

    On Sat, 23 Aug 2003 17:32:21 +1200, Nicholas Sherlock wrote:

    > But how many clueless newbies would choose Linux? Especially if they need to
    > recompile drivers in order to get their hardware working.


    This is becoming less and less the case.

    Especially with Mandrake's superlative device detection and
    auto-configuration which, in many areas, actually beats M$.

    Some allege that the problem to which you refer is largely brought about
    by M$ pressuring hardware vendors to not support open source OSs.
     
    Evil Bastard, Aug 23, 2003
    #13
  14. On Sat, 23 Aug 2003 17:32:21 +1200, Nicholas Sherlock wrote:

    > But how many clueless newbies would choose Linux? Especially if they need to
    > recompile drivers in order to get their hardware working.


    Sale of goods act: "I intend to run Linux on this computer. Will al lthe
    hardware be compatible with redhat9/Debian/Mandrake/whatever?"

    I've had more hardware incompatibility issues with Windows systems than
    with Linux anyway.
     
    Uncle StoatWarbler, Aug 23, 2003
    #14
  15. dOTdASH

    pbs Guest

    Nicholas Sherlock wrote:
    > Evil Bastard wrote:
    >
    >>Maybe the Commerce Commission should order all computer retailers to
    >>sell M$ software with a sticker with the words:
    >>
    >>"This software may be highly vulnerable to attacks from across the
    >>internet. It may contain programming errors which result in malicious
    >>people anywhere in the world stealing personal information, crashing
    >>or destabilising your system, possibly resulting in data loss,


    It does not take malicious people to crash or destabilise an MS system,
    Microsoft programmers can do all that with out help.

    > The same can be said for Linux.


    The biggest problems occur when attaching a system to the internet which
    do not lock out internet user access to the kernel of a system.

    I would imagine that NT and it's derivatives are more secure than Win95
    and it's derivatives.

    If the internet-user has system privileges, then system security via a
    user hierarchy goes out of the window (pun intended). If any unknown
    origin software is run as "root" (sysadmin) on a Linux/UNIX system then
    it could have many of the problems which plague Microsoft products.

    Most Linux/Unix users are indoctrinated with the idea that you create
    an user account for normal operations and only use root for
    system administration purposes. This is reinforced by the UNIX
    philosophy of "you asked for it you got it"; eg running "rm -rf *"
    (recursive delete all) on the wrong dir as root just once is enough
    of an education in this respect.

    I have been told that because most MS users started on a uni-access
    machines that when MS provide an sys-admin user many MS users just
    use that account because it is more convenient. I do not use post
    2000 MS products so I do not know if this is possible or true.

    It is not that attacks against UNIX have not occurred and been
    successful the sendmail worm in 1988 is the most famous. It is just that
    because under Linux/UNIX the danger has long been recognised system
    security is placed above ease of use.
    http://www.cerias.purdue.edu/homes/spaf/presents/Andersen.pdf


    Since 1988 I have not met one UNIX system programmer who is unaware
    of the problem of using the C function gets(FILE *stream), they would
    all use fgets(char *s, int size, FILE *stream) or somthing simiar.

    In the case of attacks like the ping of death, It can be argued that
    the distributed nature of open source development and source/binary
    propagation allow for the faster fixing of problems over perpriatory
    solutions. This goes for potential intellectual property infringements
    as much as virus attacks.
     
    pbs, Aug 24, 2003
    #15
  16. dOTdASH

    Disco Stu Guest

    Evil Bastard wrote:
    >
    > But people have a reasonable expectation of safety when they purchase
    > *any* software.
    >
    > Like, if you buy a car and have stuff stored in the boot, you have a
    > reasonable expectation that it won't be destroyed by corrosives when you
    > least expect it.
    >
    > And to date, Windows exploit incidents outnumber Linux exploit incidents
    > by orders of magnitude. Even on a per-capita basis, the incident rate for
    > Windows is much higher.
    >
    > IF there was even a quarter of the political reaction to M$ bugs as there
    > has been to the leaky buildings scandal, M$ would be running for cover
    > here in NZ.
    >
    >
    >
    >>Cheers,
    >>Nicholas Sherlock

    >
    >


    Don't forget that hacking and virus writing is illegal. A Windows OS
    not subject to criminal manipulation would be far more secure.

    I think if you were going to claim Microsoft had a financial
    responsibility to ensure their boxes couldn't be hacked, you would need
    to extend this to your car analogy.

    Wouldn't it be great if car makers were held liable and had to reimburse
    owners if ever their brand car was broken into, vandalized or stolen?

    It would also be fantastic if car makers reported that their security
    systems were vulnerable to a 'coat hanger loop' overflow and provided
    you with a new, superior lock mechanism free of charge.

    I hold no particular bias towards Microsoft (I use Redhat myself), but I
    think their OS is basically as secure as any other. People I work with
    can crack an OSX admin password in 4 easy steps, we can run Linux
    password sniffer that will give you dozens of cleverly entered
    birthdates and pet names within minuets. We have Linux AV clients
    because there is Linux borne malware.

    The last time I looked, Microsoft OSs were present on 95% of the worlds
    Desktop operating systems. If you wanted to code a virus that annoyed
    the most people, the obvious choice would be to target the Windows OS.

    I don't see Windows as being especially insecure, just the most popular
    target for malware coders.
     
    Disco Stu, Aug 25, 2003
    #16
  17. "Disco Stu" <stu@springfield_dance_studio.com> wrote in message
    news:...
    >
    > The last time I looked, Microsoft OSs were present on 95% of the worlds
    > Desktop operating systems. If you wanted to code a virus that annoyed
    > the most people, the obvious choice would be to target the Windows OS.
    >


    Isn't that a good reason why Microsoft should take all reasonable steps to
    protect their home system non-corporate users and produce a home operating
    system that doen't have ports that aren't used by most people exposed and
    firewall switched off for no good reason.

    As the Washington Post pointed out, its like leaving your car unlocked with
    the keys in the ignition and a note that says please don't steal. Its OK
    inside your gate but stupid in the bad part of town.

    The next phase that is being predicted is for exploited machines to be used
    as open relays for spam, so it is an issue that affects us all if we use the
    internet, regardless of whether we are propellerhead geeks with skillz, or
    corporate support droids or home users. Its not just a problem for the
    exploited.

    I'm alright Jack until I get crushed by spam.
     
    Howard Johnson, Aug 25, 2003
    #17
  18. Howard Johnson wrote:
    > The next phase that is being predicted is for exploited machines to
    > be used as open relays for spam


    Predicted? Are you kidding? This is already happening. You get "infected" by
    a spammer worm, then bulk-mail companies use your computer to spam.

    Cheers,
    Nicholas Sherlock
     
    Nicholas Sherlock, Aug 25, 2003
    #18
  19. Hi there,

    Nicholas Sherlock wrote:
    > Evil Bastard wrote:
    >
    >>And to date, Windows exploit incidents outnumber Linux exploit
    >>incidents by orders of magnitude. Even on a per-capita basis, the
    >>incident rate for Windows is much higher.

    >
    > That's because to even get Linux installed, running and working, you need a
    > moderate level of computer skill. This means that you are more likely to
    > know how to set up a computer correctly.


    Which distro is the last one you watched being installed? If I compare
    installing Windows and Linux (Mandrake 9.1 in my case), the Mandrake
    one is quite noticeably simpler in layout and faster in doing the job.

    The prime reason why retailers pre-install Windows is because many of
    the people buying a PC would NOT be able to easily survive the Windows
    installation 'experience'...some of them can't even handle a 50-digit
    number!

    Kind regards,

    Chris Wilkinson, Christchurch.
     
    Chris Wilkinson, Aug 25, 2003
    #19
  20. Chris Wilkinson wrote:
    > Hi there,
    >
    > Nicholas Sherlock wrote:
    >> Evil Bastard wrote:
    >>
    >>> And to date, Windows exploit incidents outnumber Linux exploit
    >>> incidents by orders of magnitude. Even on a per-capita basis, the
    >>> incident rate for Windows is much higher.

    >>
    >> That's because to even get Linux installed, running and working, you
    >> need a moderate level of computer skill. This means that you are
    >> more likely to know how to set up a computer correctly.

    >
    > Which distro is the last one you watched being installed? If I compare
    > installing Windows and Linux (Mandrake 9.1 in my case), the Mandrake
    > one is quite noticeably simpler in layout and faster in doing the job.


    I have Mandrake 9.1 installed, thanks.

    Lots of computers come with Windows pre-installed, so a lot of users would
    have no idea how to install Windows (You want me to put WHAT into the
    cup-holder??).

    Cheers,
    Nicholas Sherlock
     
    Nicholas Sherlock, Aug 25, 2003
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike W.
    Replies:
    2
    Views:
    2,126
    Darren Green
    Apr 17, 2004
  2. Lord Shaolin
    Replies:
    6
    Views:
    2,729
    John Tate
    Aug 20, 2003
  3. code_wrong

    worm/spybot.17.t (worm spybot 17t) detected by AVG

    code_wrong, May 15, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    833
    code_wrong
    May 15, 2004
  4. Imhotep
    Replies:
    4
    Views:
    755
    Edw. Peach
    Jan 30, 2006
  5. Danny

    Worm\Spybot (P2P-Worm.Win32.SpyBot.a)

    Danny, Aug 14, 2005, in forum: Computer Information
    Replies:
    0
    Views:
    549
    Danny
    Aug 14, 2005
Loading...

Share This Page